Project description

The UEFI firmware parser is a simple module and set of scripts for parsing, extracting,
and recreating UEFI firmware volumes.
This includes parsing modules for BIOS, OptionROM, Intel ME and other formats too.
Please use the example scripts for parsing tutorials.

If you need to parse and extract a large number of firmware files check out the -O option to auto-generate an output folder per file. If parsing and searching for internals in a shell the --echo option will print the input filename before parsing.

The firmware-type checker will decide how to best parse the file. If the --test option fails to identify the type, or calls it unknown, try to use the -b or --superbrute option. The later performs a byte-by-byte type checker.

Note: when injecting into a firmware file the user will be prompted for which section to replace. At the moment this is not-yet-scriptable.

IDA Python support

There is an included script to generate additional GUID labels to import into IDA Python
using Snare’s plugins. Using the -g LABEL the script will generate a Python dictionary-formatted output. This project will try to keep up-to-date with popular vendor GUIDs automatically.

This module has been tested on BIOS/UEFI/firmware updates from the following vendors.
Not every update for every product will parse, some may required a-priori decompression
or extraction from the distribution update mechanism (typically a PE).